CVE-2023-46214 — XML Injection (aka Blind XPath Injection) in Cloud

CWE-91 — XML Injection (aka Blind XPath Injection)4 documents4 sources

Severity

8.8HIGHNVD

CNA8.0

EPSS

87.8%

top 0.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Cloud Splunk Enterprise Splunk Cloud +1 more

Timeline

PublishedNov 16

Latest updateOct 23

Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5splunk/splunk_enterprise9.0 — 9.0.7+1

▶NVDsplunk/cloud< 9.1.2308

▶NVDsplunk/splunk9.0.0 — 9.0.7+1

▶CVEListV5splunk/splunk_cloud- — 9.1.2308

🔴Vulnerability Details

GHSA

GHSA-mwwq-v92j-38xr: In Splunk Enterprise versions below 9↗2023-11-16

▶

CVEList

Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing↗2023-11-16

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Splunk Enterprise < 9.1.2 XML Injection (CVE-2023-46214)↗2024-10-23

▶